March

Coronavirus is sweeping the world with hackers taking advantage of people’s vulnerability and the uncertainty that exists in this situation.

The cyber threat landscape remains the same, as do the techniques and methods that hackers utilize, but hackers are also being more inventive and preying on innocent victims.

Phishing Attacks

This remains one of the most common forms of cyber attack. The National Fraud Intelligence Bureau (NFIB) has announced that they are seeing cases of fraud where Coronavirus has been an avenue for cyber attacks. The losses are understood to be in excess of £800,000. Individuals are tricked into opening emails, which leads to personal information being accessed by the hackers, who then use it for illegal means.

This could include the impersonation of third-party suppliers or the provision of business services. Another method is the bulk selling of face masks and hand sanitiser.

Also being seen are vishing (voice calls) and smishing (SMS messages). Everyone needs to be even more alert to these dangers.

Hacker Scams

Another pattern emerging is bogus emails coming from research agencies who are affiliated to bodies such as the World Health Organisation (WHO). The e-mail content pretends to be able to divulge information on individuals who may have the infection.

All organisations are facing a huge challenge with this infectious disease and the consequences that it brings with business interruption being one of the main threats.

Cyber insurance includes incident response services which can assist with cyber attacks that may befall a company; these include forensic investigation costs, public relations consultants and legal assistance. In the current climate it is even more important to have access to these specialist vendors.

The hotel industry has been a prime target for hackers and this trend is likely to continue. So why are cyber attacks so prevalent within this sector?

Volumes of Data

Hotels hold vast quantities of data from many sources, such as their customer reservation systems. This will be personally identifiable information consisting of names, addresses, e-mail addresses and passport details.

Online Payment Processing

Customers will log in on a hotel website to make a reservation, which will require them to provide debit or credit card details. These details could be compromised in the event of a data breach. Payment transactions can also remain exposed for a while on computer systems, which presents further opportunity. In 2017 hotels accounted for 92% of all point of sale intrusions.

Wi-Fi

The Wi-Fi in some hotels can be relatively insecure if their cyber security processes and procedures are not as robust as they should be. This can also lead to their data being compromised.

Symantec released a report this week which revealed that 67% of hotel websites surveyed leaked customers’ booking data. The survey covered over 1500 hotel websites in 54 countries; this equates to two in three websites whose data could be used by third-party sites such as advertisers.

Hotels rely on a supply chain which can include a number of contractors, broking and travel agencies. If there is a vulnerability with one of these, it is possible that the hotel may be impacted, causing business interruption or a data loss.

An Attractive Sector

This sector is a target because of the size of the market and the revenue that is generated each year, which provides opportunities for cyber criminals and for the proliferation of fraud.

Cyber Attacks on the Hotel Industry

There have been a number of high profile cyber attacks on hotels where hackers have sought to steal data or cause disruption to the business.

Marriott International Hotels

This is the largest data breach in this sector but also one of the largest in the world.

500 million guests were exposed in this cyber attack, with the data including names, addresses and passport numbers. The attack emanated from the Starwood guest reservation database, with whom they had recently merged. Starwood themselves had previously experienced a data breach a number of years earlier.

Businesses in the UK suffer on average 38 ransomware attacks a day and it is likely that we will see a significant increase in this when GDPR comes into force on 25th May this year.

According to cyber security product developer SonicWall there are over 2,500 different known variants of ransomware hitting UK businesses, which makes managing these attacks a formidable job. One of the current trends in cyber attacks carried out by hackers is that their target appears to be data, with ransomware being an ideal method of disrupting businesses by corrupting their data, stealing it or perhaps holding them to ransom.

This form of cyber attack on a business is perhaps one of the most difficult to handle due to its unpredictable nature and the impact that it can have on a business, leaving it paralyzed and unable to operate. It is also normally time limited, which adds stress for the business owners, with the imminent threat of data being destroyed if the ransom is not paid within a specific deadline.

With GDPR there is the added factor of a business being fined by the Information Commissioner’s Office (ICO) if data is compromised. The fines that could be imposed by the ICO are between 2 and 4% of global turnover depending on the degree of the data breach. Uber would be an example of where the ICO could have imposed a heavy fine. Hackers held Uber to £750,000 ransom with the threat of releasing the data of 57 million customers. Uber would have been in the position of breaching GDPR rules on two occasions: for the initial cyber attack, and for the fact that it was not disclosed, as all data breaches will need to be advised to the ICO within 72 hours. It will be interesting to see how the ICO approach the question of fines and to what degree they are likely to impose the maximum fine threshold.

The paying of a ransom is an easy option to alleviate a cyber attack, but this could only be a short term solution as the hacker could return, perceiving the business to be an easy target. There is also no guarantee that the files containing the data will be released; they may remain encrypted, with the business still unable to access the data.

Cyber insurance can help with ransomware attacks, in paying the actual ransom and the costs associated with negotiating with the hackers. The policy would also provide coverage for the forensic and IT costs to investigate possible sideways attacks by the hackers into computer systems. A data breach will need to be managed and this specialist form of insurance provides incident response services backed by a panel of experienced vendors.

Ransomware attacks will undoubtedly increase once GDPR comes into force and businesses will need to improve their cyber risk management in order to avoid the wrath of the ICO and the damage to their reputation that a severe data breach may cause.

A denial of service attack is a form of cyber attack where a hacker aims to make a computer or network unavailable to its users.

Its full description is a Distributed Denial of Service (DDoS) attack, and it is carried out by disrupting the services of a host connected to the internet by flooding the target with bogus requests, which overload the computer and make it inaccessible to its users.

The UK is second only to the US as the most targeted country for DDoS attacks. The UK is subject to just under 10% of the world’s DDoS attacks, whereas the US receives 50.30% of the total.

Over the last year DDoS attacks have increased by 211%, as reported by cyber security consultants Imperva. The main source of the attacks is South Korea, overtaking China.

In recent months the size of attacks has started to become much larger. An average attack is around 200 Gigabits per second but attacks of between 600 Gbps and 1 Terabit per second are now evident. An attack of this magnitude would cause serious disruption to a business’s computer systems.

Consequences of a DDoS Attack

Business Interruption

A business could be severely disrupted for a period of time, which prevents the business from trading normally. Online retailers, for example, could lose a high volume of sales.

Reputational Harm

The business may suffer reputational issues following a DDoS attack, owing to the perception by its customers that its cyber security procedures are not of a sufficiently robust standard.

Common Types of DDoS Attacks

UDP Flood

A User Datagram Protocol (UDP) flood is where random ports on a computer system are attacked by packets, which cause it to check for applications listening on those ports and signal back with an ICMP packet.

Ping of Death

This is known as a “POD” and manipulates the IP protocol by sending packets larger than the maximum byte allowance. As a result this causes the computer servers to crash.

Peer to Peer

This is where a peer to peer server is compromised to route traffic to a target website. Users are consequently sent to the target website, which is eventually overwhelmed and taken offline.
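
The Ping of Death description above can be turned into a defensive check. The following Python is an added example, not part of the original post: it parses a raw IPv4 header and flags a fragment whose offset plus payload would reassemble past the 65,535-byte maximum. The function names and the sample packets are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram may have

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header fields needed for the check."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header or total length")
    return {
        "header_len": header_len,
        "payload_len": total_len - header_len,
        "offset": (flags_frag & 0x1FFF) * 8,  # fragment offset is in 8-byte units
        "more_fragments": bool(flags_frag & 0x2000),
        "ident": ident,
        "proto": proto,
    }

def reassembled_size(packet: bytes) -> int:
    """Size the datagram would reach once this fragment is put in place."""
    h = parse_ipv4_header(packet)
    return h["header_len"] + h["offset"] + h["payload_len"]

def is_ping_of_death(packet: bytes) -> bool:
    """True when the fragment would push the datagram past the legal maximum."""
    return reassembled_size(packet) > MAX_DATAGRAM

def make_header(total_len: int, offset_units: int, more: bool) -> bytes:
    """Build a constructed ICMP-over-IPv4 header (sample data, checksum left 0)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

if __name__ == "__main__":
    samples = {  # constructed headers, documentation addresses only
        "ordinary ping": make_header(84, 0, False),
        "legitimate last fragment": make_header(1020, 8000, False),
        "oversized last fragment": make_header(1500, 8189, False),
    }
    for name, pkt in samples.items():
        print(f"{name}: {reassembled_size(pkt)} bytes, drop={is_ping_of_death(pkt)}")
```

A filter applying this test drops the offending fragment before reassembly, which is where the crash described above would otherwise occur.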

This DDoS attack heralded a new dawn of what these forms of cyber attacks can achieve, as it brought down a huge chunk of the US internet.

It was called the Mirai botnet and targeted the servers of Dyn, which is a company that controls a large proportion of the DNS infrastructure. This occurred in October last year and took place for almost a day. In its wake it brought down household names such as Twitter, the Guardian and Netflix in Europe and the US.

A network of computers infected with malware, known as a “botnet”, is coordinated into bombarding a server with traffic until it gives way under the weight of the traffic that it is being hit with.

What was unusual with the Mirai botnet is that, whereas a botnet normally consists of a number of computers, this one consisted of Internet of Things devices that included digital cameras and DVR players.

Because so many devices are connected to the internet, the attack could be so much larger than any previous DDoS attack. The attack was thought to have a strength of 1.2 Tbps, twice as powerful as the next most powerful attack.

It is good business for hackers ….

Kaspersky Lab has carried out studies on Denial of Service attacks exploring the business model and its popularity. A DDoS attack can cost as little as $7 an hour, with the average price being $25 an hour. The profit margin can be as much as 95%.

Cyber Insurance can provide assistance in the event of a DDoS attack by providing the following policy coverage :-

Business Interruption

Cyber Extortion

Incident Response Services

Businesses need to be prepared for the threat that a DDoS attack can bring, and it is important that their cyber security risk management procedures are effective to combat attacks of this nature, which are being brought about with increasing severity by hackers.

Malvertising … the hidden threat – last week a number of major news websites saw their advertisements hijacked by a malicious angler campaign that attempted to install ransomware on users’ computers. The attack, which was initially targeted at US users, hit websites including the BBC, AOL, New York Times and the NFL; the combined volume of traffic for these websites totalled billions of visitors.

It is understood that the malware was delivered through multiple ad networks, and used a number of vulnerabilities, which included a recently-patched flaw in Microsoft’s former Flash competitor Silverlight.

The Daily Mail, Skype and the Premier League Fantasy website have all been targeted within the last month with malvertising campaigns.

Malvertising uses advertising networks to spread malicious Flash objects and other pieces of malicious code to other websites. Hackers upload these to ad networks, paying the network to distribute them as if they were real advertisements.

For example you could visit a newspaper’s website and an advertising script on the website would download an ad from the ad network. The malicious advertisement would then in turn try to compromise the web browser.

Malvertising takes advantage of flaws in the software that the user is running in order to infect the user on a legitimate website; this reduces the need to fool the user into visiting a malicious website.

The most popular times for these attacks are on a Friday when there is less monitoring being carried out for suspicious activities and when there is heavy web surfing during the weekends.

There are a number of methods used for injecting malicious advertisements or programs into webpages such as :-

Pop-up ads

Drive by downloads

Web widgets

Malicious banners on websites

Third party advertisements on websites

Third party forums such as forums or help desks

There are a number of ways of protecting websites from malvertising attacks, such as keeping plug-ins and web browsers updated. Risk management also has an important role to play, in particular the management and surveillance of the supply chain.

A cyber insurance policy can provide coverage for an attack of this nature through the disruption it may cause to a business and also the vendor services provided via monitoring and forensic investigation.

Cyber business interruption is considered by 49% of businesses to be their biggest concern in the event of a cyber breach, according to the Institute of Directors’ recent policy report “Cyber Security; underpinning the digital economy”.

The report, sponsored by Barclays, carried out a survey of 1000 businesses which showed that one in eight members suffered damage as a result of a cyber business interruption attack. Of this 11% suffered actual financial loss, which demonstrates that cyber crime can impact on the balance sheet of businesses in a significant fashion. Interestingly only 28% of these incidents were reported to the police.

Some other highlights of the Institute of Directors Policy Voice Survey were as follows:-

57% had a formal cyber/information security strategy in place

49% said they provided cyber awareness training for employees

43% didn’t know where their data was physically stored

72% experienced social engineering scams

20% hold cyber insurance (with 21% unsure if they did have this)

21% are considering the purchase of cyber insurance

The survey demonstrates that cyber security is taking a much higher profile within businesses and they are now actively improving their cyber security, but there is room for considerable improvement. There were many key moments in 2015, with the high profile breaches of TalkTalk and Ashley Madison, which have made businesses look up and think “could this happen to us?” The answer is of course “yes” and in fact it could be happening right now, with an average breach taking six months to discover.

Richard Benham, Professor of Cyber Security Management, the author of the report, has identified four key trends that are likely to become increasingly important in the coming years:-

Cyber in the boardroom – cyber risk is now at boardroom level and cyber risk strategies are likely to be formulated here.

Cyber education – the UK government will play an important role through the promotion of Cyber Essentials and the instigation of courses such as The National Awareness Course.

The Cloud – this will rise in prominence but businesses must not ignore the management of their data.

Cyber insurance – this form of insurance has developed in recent years to cover both first and third party exposures of a business; whilst still an evolving product, it is being considered by more businesses and this is likely to increase.

The Institute commented “Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”

The report concludes by highlighting that cyber security is an international threat; the suggested key is to have in place a credible plan that can assess the large spectrum of threats and how these can best be managed by a business.

UK businesses can achieve this through robust cyber security management. This should be complemented with cyber insurance, on the basis that coverage is appropriate for the business and that it is not regarded as the “cure for all evils” in the cyber threat landscape that exists today.

A cyber insurance policy can provide coverage for cyber business interruption by way of standard coverage or a bespoke policy endorsement therefore helping a business to manage this cyber peril.